Date: Sun, 22 Jun 2014 23:58:45 +0200 From: David Faure <faure@....org> To: Richard Moore <rich@....org> Cc: Nick Boyce <nick.boyce@...il.com>, oss-security@...ts.openwall.com Subject: Re: KMail/KIO POP3 SSL MITM Flaw On Sunday 22 June 2014 21:47:50 Richard Moore wrote: > > I'm not sure whether to interpret the 'Versions' line in the advisory > > as "bug was introduced at kdelibs 4.10.95" Yes, this is what "Versions: kdelibs 4.10.95 to 4.13.2" means. The file usernotificationhandler.cpp was introduced in 4.10.95 (for the fix for bug 154100 and 265228) Before that, SlaveInterface handled the messagebox request itself, with no need for a job pointer. > There is an IBM ISS report  which implies the bug affects at least > kdelibs 4.6.x .... No idea where they got that from.... I cannot confirm this. -- David Faure, faure@....org, http://www.davidfaure.fr Working on KDE Frameworks 5
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ